Post on 08-Jul-2015
A Global Leader in Secure Remote Access
www.netop.com
info.us@netop.com
(866) 725-7833
ABOUT NETOP
The world’s leading companies choose Netop
24% of World Top 100 Retailers
60% of Financial Times Top 100
42% of World Top 50 Banks
50% of Fortune 100
ABOUT NETOP
9M end-users
12K customers
100M connections / day
Retail Cyberthreat Summit
Identifying and Securing
Threat Vectors
Threats
USERS: Human error is a leading source of opportunity for cybercrime.
DISCOVERABILITY: If a device is discoverable, a device is vulnerable.
REMOTE ACCESS: Remote access points are the target of choice for cybercriminals.
88% Remote Access
Secure Remote Access
1. Segment your network
2. Encrypt your data
3. Manage your users
4. Document all activity
Thank you! www.netop.com
info.us@netop.com
(866) 725-7833
Initial Attack Vector
20 Critical Security Controls                              NSA Rank
CSC1  Inventory H/W Assets, Criticality, and Location      Very High
CSC2  Inventory S/W Assets, Criticality, and Location      Very High
CSC3  Secure Configuration of Servers and Hardware          Very High
CSC4  Vulnerability Assessment and Remediation              Very High
Security Professionals
Hackers
We WILL Fail
200 Days
"Home Depot Hit By Same Malware as Target" (Krebs on Security, September 14, 2014)
[Chart: 2%, 5%, 10%, 25%; Card Losses, Reputation, Bankruptcy]
SAFE  FAST  SENSITIVE
SAFE
PCI DSS Level 1
FAST
Data: 7M transactions / day
4x growth -> 2x speed
Coverage Map: http://goo.gl_3uDFKP
Transactions/Day
Performance
Chain                    Public         Rippleshot     Advantage
Spec's Wine & Spirits    Mar 20, 2014   Mar 29, 2013   11.7 months
Aaron Brothers           Apr 17, 2014   Aug 6, 2013    8.4 months
Neiman Marcus            Jan 23, 2014   Oct 11, 2013   3.4 months
Target                   Dec 18, 2013   Nov 29, 2013   19 days
Michael's                Jan 25, 2014   Dec 10, 2013   1.5 months
California DMV           Mar 22, 2014   Jan 22, 2014   1.9 months
Home Depot               Sep 2, 2014    Mar 8, 2014    5.9 months
Dairy Queen              Aug 27, 2014   Mar 8, 2014    5.7 months
The UPS Store            Aug 20, 2014   Mar 8, 2014    5.4 months
Goodwill Industries      Jul 14, 2014   Mar 8, 2014    4.2 months
Splash Car Wash          Jun 26, 2014   Mar 8, 2014    3.6 months
Sally Beauty Supply      Mar 14, 2014   Mar 8, 2014    6 days
PF Chang's               Jun 11, 2014   Mar 25, 2014   2.6 months
Supervalue               Aug 15, 2014   Apr 6, 2014    4.3 months
Beef 'O' Brady's         Sep 10, 2014   Apr 6, 2014    5.2 months
4.3 Months
SENSITIVE
Use Case: Home Depot
Start of Breach: April 1st
Public Announcement: September 2nd
Total Cards: 56M (with Rippleshot: 5.6M)
Rippleshot Detection: April 15th
Total Fraud Spend: $2B and climbing (with Rippleshot: $200M)
RETAIL CYBERTHREAT SUMMIT
How retailers can mitigate fraud
associated with stolen credit cards
© COPYRIGHT • IOVATION
SCOTT WADDELL, Chief Technology Officer, IOVATION
(503) 943-6768
scott.waddell@iovation.com
www.iovation.com
@svwaddell
BATTLING ID THEFT AND CREDIT CARD FRAUD
RECOGNIZING EVERY DEVICE
From smartphones to
gaming consoles, if a device
can access the Internet,
iovation will recognize it.
DEVICE INTELLIGENCE PROCESS
Is this device making a fraudulent transaction?
1. IDENTIFICATION: Has anyone seen this device?
2. ASSOCIATIONS: Is the device guilty by its association?
3. ANOMALIES: Have any device anomalies been found?
4. REPUTATION: Has anyone had a bad experience?
PROTECTION AT CUSTOMER TOUCH POINTS
RETAILER: FRAUD SCREENING PROCESS
ReputationManager 360: Transactions and Outcomes -> Real-Time Scoring -> Deny / Review / Allow
DEVICES: UNIQUELY IDENTIFIED AND ASSOCIATED
ACTIVITY: CREDIT PROCESSOR RETAILERS
DEVICE INTELLIGENCE: SHARED ACROSS INDUSTRIES
DEVICE INTELLIGENCE NETWORK
Total Reputation Checks: 15 Billion
Known Devices: 2 Billion
Verified Frauds: 20 Million
Reputation Checks per Day: 12 Million
Incidents Stopped per Day: 200,000
Active Fraud Analysts: 3000
SPOTTING FRAUDSTER EVASION
FRAUDSTER TECHNIQUES
• Using a Proxy
• Disabling JavaScript
• Blocking Device Identification
• Manipulating Device Attributes
IOVATION COUNTERMEASURES
• Proxy Detection
• Real IP Proxy Piercing
• Tor Detection
• Time Zone Mismatch
• Geolocation Velocity & Mismatch
• Insufficient / Malformed Device Data
• Multi-Domain Recognition
• Device and IP Risk Profiling
TIME ZONE | LANGUAGE | IP PROFILES | GEOLOCATION | CLOAKING
POWERFUL RULES ENGINE: MAKE IT WORK FOR YOU
EVIDENCE: Identifies risky devices already associated with fraud in iovation's fraud records.
GEOLOCATION: Gets the user's actual location with Real IP; reveals unauthorized country, TOR and more.
VELOCITY: Set thresholds for too many transactions or multiple devices accessing an account.
WATCH LIST: Create your own custom-built positive or negative lists based on your specific fraud.
RISK PROFILE: Indicates when a device has characteristics similar to other groups of risky devices.
AGE-BASED: Shows the amount of history that you have with a paired account and device.
ANOMALY: Reveals when the device has risky characteristics or is trying to evade detection.
COMPOUND: Combine multiple rules to expand use cases and pinpoint specific fraud behavior.
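The retailer screening flow (transactions scored in real time into Deny / Review / Allow), the evasion countermeasures listed earlier (time zone mismatch, insufficient device data, velocity) and the rule types just described, as an added example in Python that is not iovation's code and does not use its API: a toy rules engine that scores constructed transactions against evidence, watch-list, geolocation, velocity, age-based, anomaly and compound rules. The rule weights, thresholds, the country-to-time-zone table, and every device id, account and timestamp are assumptions made for the demonstration.

```python
"""Added example, not iovation's code: a toy fraud-screening rules engine.
Every device id, account, country, weight, threshold and timestamp below is
a constructed sample value chosen for the demonstration."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

DENY, REVIEW, ALLOW = "Deny", "Review", "Allow"
NOW = datetime(2014, 12, 12, 12, 0, tzinfo=timezone.utc)  # constructed reference time

# Constructed table: UTC offsets (hours) a client located in each country is expected to report.
EXPECTED_TZ = {"US": {-10, -9, -8, -7, -6, -5, -4}, "DE": {1, 2}, "GB": {0, 1}}


@dataclass
class Transaction:
    device_id: Optional[str]   # None when the client blocked device identification
    account: str
    ip_country: str            # country resolved from the real (proxy-pierced) IP
    browser_tz_offset: int     # UTC offset the client itself reports
    js_enabled: bool
    timestamp: datetime = NOW


@dataclass
class Context:
    """Shared intelligence the retailer queries; all entries are constructed samples."""
    fraud_evidence: set = field(default_factory=set)       # devices with confirmed fraud
    watch_list_negative: set = field(default_factory=set)  # retailer's own negative list
    first_seen: dict = field(default_factory=dict)         # (account, device) -> first pairing
    history: dict = field(default_factory=dict)            # account -> prior timestamps


# Each rule returns a risk score (0 = no hit). Weights are assumptions, not iovation's.
def rule_evidence(tx, ctx):
    return 100 if tx.device_id in ctx.fraud_evidence else 0

def rule_watch_list(tx, ctx):
    return 100 if tx.device_id in ctx.watch_list_negative else 0

def rule_geolocation(tx, ctx):
    # Time zone mismatch: the client reports an offset no one in its IP country would have.
    expected = EXPECTED_TZ.get(tx.ip_country, set())
    return 40 if expected and tx.browser_tz_offset not in expected else 0

def rule_velocity(tx, ctx, limit=3, window=timedelta(hours=1)):
    prior = [t for t in ctx.history.get(tx.account, []) if tx.timestamp - t <= window]
    return 30 if len(prior) >= limit else 0

def rule_age_based(tx, ctx, min_days=30):
    seen = ctx.first_seen.get((tx.account, tx.device_id))
    return 20 if seen is None or tx.timestamp - seen < timedelta(days=min_days) else 0

def rule_anomaly(tx, ctx):
    # Insufficient device data: identification blocked or JavaScript disabled.
    return 35 if tx.device_id is None or not tx.js_enabled else 0

RULES = [rule_evidence, rule_watch_list, rule_geolocation, rule_velocity, rule_age_based, rule_anomaly]


def screen(tx, ctx, review_at=30, deny_at=70):
    """Real-time scoring: run every rule, apply the compound rule, return a decision."""
    hits = {r.__name__: r(tx, ctx) for r in RULES}
    hits = {name: pts for name, pts in hits.items() if pts}
    score = sum(hits.values())
    # Compound rule: a brand-new account/device pairing whose reported time zone
    # contradicts its IP country is escalated straight to the deny threshold.
    if "rule_age_based" in hits and "rule_geolocation" in hits:
        score = max(score, deny_at)
    ctx.history.setdefault(tx.account, []).append(tx.timestamp)  # feeds later velocity checks
    decision = DENY if score >= deny_at else REVIEW if score >= review_at else ALLOW
    return decision, score, sorted(hits)


def make_context():
    """Constructed shared-intelligence snapshot used by run_demo()."""
    return Context(
        fraud_evidence={"dev-fraud-1"},
        watch_list_negative={"dev-watch-1"},
        first_seen={("acct-1", "dev-known-1"): NOW - timedelta(days=400)},
    )


def run_demo():
    """Screen a few constructed transactions and return {label: decision}."""
    ctx = make_context()
    results = {}
    results["known device"] = screen(Transaction("dev-known-1", "acct-1", "US", -5, True), ctx)[0]
    results["fraud evidence"] = screen(Transaction("dev-fraud-1", "acct-1", "US", -5, True), ctx)[0]
    results["javascript disabled"] = screen(Transaction("dev-known-1", "acct-1", "US", -5, False), ctx)[0]
    results["tz mismatch, new pairing"] = screen(Transaction("dev-new-1", "acct-2", "US", 2, True), ctx)[0]
    for i in range(4):  # four purchases within minutes from a new device: velocity fires on the fourth
        tx = Transaction("dev-new-2", "acct-3", "GB", 0, True, NOW + timedelta(minutes=i))
        results["velocity"] = screen(tx, ctx)[0]
    return results


if __name__ == "__main__":
    for label, decision in run_demo().items():
        print(f"{label:26s} -> {decision}")
```

The point of the compound rule is visible in the "tz mismatch, new pairing" case: neither the geolocation hit (40) nor the new-pairing hit (20) alone would reach the deny threshold, but their combination is the pattern worth blocking outright, while a lone anomaly such as disabled JavaScript only routes the transaction to manual review.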
TYPICAL CASE: LOSS AT 4 BUSINESSES
SHARING INTELLIGENCE ACROSS INDUSTRIES
Communities: Financial, Gaming, Gambling, Retail
VALUE OF SHARING
Sharing automatically gives you
access to fraud evidence placed
by other iovation clients.
12/12/2014
Jeremy Henley, Director of Breach Services
760-304-4761
Jeremy.henley@idexpertscorp.com
Data Breach is a “Legal” Construct
* The definition of “data breach” varies across specific legislation and rules. In US states, many include a “harm threshold”
• Complete a Privacy & Security Assessment
• Develop or review Incident Response Plan
• Test your plan
• Repeat
Be Prepared: Have a Team and a Plan
You will need a repeatable methodology for data breach response to reduce risks and reach a positive outcome:
• Discovery
• Analysis
• Formulate
• Respond